11 February 2012

Android.Bmaster Malware Uses Root Access to Connect to Botnet

A new Android malware named Android.Bmaster was detected by researcher Xuxian Jiang at North Carolina State University. The malware was discovered on a third-party marketplace (not the Android Market) and is bundled with a legitimate application for configuring phone settings. Symantec researcher Cathal Mullaney wrote about it on the Symantec blog. [Read Here]

This malware is estimated to affect between 10,000 and 30,000 phones on any given day. The botnet mostly targets mobile users in China. It works by using GingerBreak, a tool that gives users root access to Android 2.3 Gingerbread. RootSmart is designed to escape detection by being named "com.google.android.smart," which is the same name as a settings app included by default with Android operating systems.


Once the malware is installed on the Android phone, an outbound connection from the infected phone to a remote server is generated. The malware posts some user and phone-specific data to the remote address and attempts to download and run an APK file from the server. The downloaded file is the second stage in the malware and is a Remote Administration Tool (RAT) for Android, detected as Android.Bmaster. This type of malware is used to remotely control a device by issuing commands from a remote server.

The following data is transmitted by the malware:

  • IMEI number
  • IMSI number
  • Cell ID
  • Location Area Code
  • Mobile Network Code
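A defender-side check for the sequence described above, as an added example that is not from the original post or from Symantec: it scans web-proxy records for a POST carrying two 15-digit identifiers (an IMEI is 15 digits ending in a Luhn check digit, and an IMSI is usually 15 digits) followed by an APK download from the same host. The record layout, host names, field names and the 300-second window are constructed assumptions, as is the traffic being visible in cleartext to the proxy; the page does not give the malware's wire format.

```python
import re

# Constructed proxy records: (epoch_seconds, client, method, host, path, body).
# Hosts, field names and values are made up for this example.
SAMPLE_LOG = [
    (1000, "10.0.0.5", "POST", "c2.example.invalid", "/reg",
     "imei=490154203237518&imsi=460001234567890&cid=20353&lac=4301&mnc=00"),
    (1012, "10.0.0.5", "GET", "c2.example.invalid", "/pkg/update.apk", ""),
    (1020, "10.0.0.7", "POST", "shop.example.invalid", "/order",
     "ref=490154203237518"),
    (1030, "10.0.0.7", "GET", "apps.example.invalid", "/game.apk", ""),
    (5000, "10.0.0.9", "POST", "c2.example.invalid", "/reg",
     "imei=490154203237518&imsi=460001234567890"),
]

FIFTEEN_DIGITS = re.compile(r"(?<!\d)\d{15}(?!\d)")

def luhn_ok(digits):
    """True if the digit string passes the Luhn check used for IMEIs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def carries_device_ids(body):
    """Two distinct 15-digit values, at least one IMEI-shaped (Luhn-valid)."""
    values = set(FIFTEEN_DIGITS.findall(body))
    return len(values) >= 2 and any(luhn_ok(v) for v in values)

def find_beacon_then_apk(records, window=300):
    """Return (client, host, path) for each APK fetch that follows an
    identifier-bearing POST from the same client to the same host."""
    pending, hits = {}, []
    for ts, client, method, host, path, body in sorted(records, key=lambda r: r[0]):
        key = (client, host)
        if method == "POST" and carries_device_ids(body):
            pending[key] = ts
        elif method == "GET" and path.split("?")[0].lower().endswith(".apk"):
            started = pending.pop(key, None)
            if started is not None and ts - started <= window:
                hits.append((client, host, path))
    return hits

if __name__ == "__main__":
    print(find_beacon_then_apk(SAMPLE_LOG))
```

Matching on the shape of the values rather than on parameter names keeps the check independent of whatever field names a given sample uses.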

Stay Safe..

Hv gr8 day!

AbhiShek SinGh
Founder of 'TheHackingArticles'. Cyber Security Analyst, Cyber Security Researcher, and Software Engineer.